Vulnerabilities > Nextcloud > Nextcloud Server > 16.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-8173 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Server A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | 3.5 |
| 2020-05-12 | CVE-2020-8155 | Cross-site Scripting vulnerability in Nextcloud Server An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 5.4 |
| 2020-05-12 | CVE-2020-8154 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 7.7 |
| 2020-03-20 | CVE-2020-8139 | Missing Authorization vulnerability in multiple products A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 6.5 |
| 2020-02-04 | CVE-2019-15617 | Improper Authentication vulnerability in Nextcloud Server A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. | 5.5 |
| 2020-02-04 | CVE-2019-15616 | Injection vulnerability in Nextcloud Server Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | 4.0 |